Proposed Digital Evidence Sharing and Preserving Mechanism in Cloud Computing Environments

doi:10.26389/ajsrp.c080321

Abstract

Investigations and digital evidence have become an important and critical discipline that has made many researchers devote vigorous efforts to developing digital surveillance and investigation mechanisms, especially after the great expansion of the technical infrastructure on cloud computing platforms, which added more challenges to digital investigation. So far, no robust model has been found for preserving and exchanging digital evidence between clouds and users without this model causing a breach of user privacy or affecting performance. Most of the current studies on digital evidence exchange mechanisms rely at one stage of the exchange or evidence formation process on the CSP, which allows the cloud provider (or a malicious employee within the cloud provider) to manipulate the evidence or data. This research will present a proposal for a mechanism for sharing and preserving digital evidence between the cloud parties, taking into account the performance in the major cloud computing models (IaaS, PaaS, SaaS), and how this model can achieve evidence integrity and a less level of interference in the privacy of the user as well as the cloud service provider considering that may be more than one party accused as forgery. To achieve this, we have selected some digital evidence that digital investigators can rely on as digital forensic evidence in cases related to information crimes as a sample that can be exchanged and verified that none of them has tampered with this evidence, especially since cloud environments may go beyond having a single cloud that performs the service and thus there are several clouds involved in forming evidence, then we tested this mechanism by applying the SHA-2 Hashing process to digital evidence, then encrypting the output with the Elliptic Curve Cryptography algorithm and measuring the time needed to exchange and verify the evidence. We will compare the proposed model with models in previous studies to illustrate how the proposed model overcame the problem of relying on one party to form the evidence with the least impact for all parties on the level of performance or privacy, and how distributed SHA-2 hashing values proved its effectiveness in the inability of any party to deny the evidence or tamer it.

Highlights

3.1 Virtualization Technology is the simulation of the software and/or hardware upon which other software runs
‫‪In the model that we proposed, we assumed the most difficult cases, which include eliminating‬‬ ‫‪the total dependence on the cloud provider in digital investigation processes without neglecting the legal‬‬ ‫‪and regulatory aspect of the work taking into account cost and privacy, which led to a model that confirms‬‬ ‫‪the validity of the evidence with the least possible consumption of resources.‬‬
The most significant change that can be touched in this mechanism is the lightness forming and exchanging the evidence using SHA-2 and elliptic curve cryptography algorithm (ECC), table (7)

Summary

Introduction

3.1 Virtualization Technology is the simulation of the software and/or hardware upon which other software runs This simulated environment is called a virtual machine (VM). 3.2 Cloud Computing defined as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management efforts (P.Mell, 2011). Cloud Computing Service Models Cloud computing services can be presented in many types. The three main models are Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Softwareas-a-Service (SaaS). 3.3 Digital Evidence and Digital Forensics The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data

Objectives

Methods

Results

Conclusion